CVE-2024-49588 (GCVE-0-2024-49588)
Vulnerability from cvelistv5
Published
2024-11-21 19:59
Modified
2024-11-27 16:13
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U
CWE
  • CWE-89 - The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Summary
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
References
Impacted products
Vendor Product Version
Palantir com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar Version: *   
Version: 0.347.0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oracle-sidecar",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "0.544.0",
                "status": "affected",
                "version": "0.347.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T15:36:09.668611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T16:13:10.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar",
          "vendor": "Palantir",
          "versions": [
            {
              "lessThan": "0.544.0",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0.347.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input."
            }
          ]
        },
        {
          "capecId": "CAPEC-108",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-21T19:59:45.456Z",
        "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "shortName": "Palantir"
      },
      "references": [
        {
          "url": "https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c"
        },
        {
          "url": "https://cwe.mitre.org/data/definitions/89.html"
        }
      ],
      "source": {
        "defect": [
          "PLTRSEC-2024-46"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Multiple authenticated SQL injections in oracle-sidecar"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
    "assignerShortName": "Palantir",
    "cveId": "CVE-2024-49588",
    "datePublished": "2024-11-21T19:59:45.456Z",
    "dateReserved": "2024-10-16T19:09:45.689Z",
    "dateUpdated": "2024-11-27T16:13:10.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-49588\",\"sourceIdentifier\":\"cve-coordination@palantir.com\",\"published\":\"2024-11-21T20:15:42.707\",\"lastModified\":\"2024-11-21T20:15:42.707\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 que varios endpoints en `oracle-sidecar` en las versiones 0.347.0 a 0.543.0 eran vulnerables a inyecciones de SQL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://cwe.mitre.org/data/definitions/89.html\",\"source\":\"cve-coordination@palantir.com\"},{\"url\":\"https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c\",\"source\":\"cve-coordination@palantir.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"shortName\": \"Palantir\", \"dateUpdated\": \"2024-11-21T19:59:45.456Z\"}, \"references\": [{\"url\": \"https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c\"}, {\"url\": \"https://cwe.mitre.org/data/definitions/89.html\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.\"}]}, {\"capecId\": \"CAPEC-108\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"baseSeverity\": \"MEDIUM\", \"baseScore\": 6.8, \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U\", \"version\": \"3.1\"}}], \"source\": {\"defect\": [\"PLTRSEC-2024-46\"], \"discovery\": \"INTERNAL\"}, \"title\": \"Multiple authenticated SQL injections in oracle-sidecar\", \"affected\": [{\"product\": \"com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar\", \"versions\": [{\"versionType\": \"semver\", \"lessThan\": \"0.544.0\", \"version\": \"*\", \"status\": \"affected\"}, {\"versionType\": \"semver\", \"lessThan\": \"*\", \"version\": \"0.347.0\", \"status\": \"affected\"}], \"vendor\": \"Palantir\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-89\", \"description\": \"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.\", \"lang\": \"en\", \"type\": \"CWE\"}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49588\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-27T15:36:09.668611Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*\"], \"vendor\": \"oracle\", \"product\": \"oracle-sidecar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.347.0\", \"lessThan\": \"0.544.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-27T16:13:01.870Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-49588\", \"assignerOrgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Palantir\", \"dateReserved\": \"2024-10-16T19:09:45.689Z\", \"datePublished\": \"2024-11-21T19:59:45.456Z\", \"dateUpdated\": \"2024-11-27T16:13:10.426Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.